Hello.I create this discussion because of the following problem I'm encountering.Here is the situation :I have multiple servers which are in a secure network zoneI have another server where nginx is installedThe NGINX server has access to a remote destination (a gitlab) through a proxySo the flow is the following : Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab in another network zone.Is it possible to tell nginx to use this "squid-proxy" to reach the gitlab server, please ?For the moment, I have this configuration : server { listen 443 ssl; server_name <ALIAS DNS OF NGINX SERVER>; ssl_certificate /etc/nginx/certs/mycert.crt; ssl_certificate_key /etc/nginx/certs/mykey.key; ssl_session_cache shared:SSL:1m; ssl_prefer_server_ciphers on; access_log /var/log/nginx/mylog.access.log; error_log /var/log/nginx/mylog.error.log debug; location / { proxy_pass https://the-gitlab-host:443; } } But it does not work. When I try to perform a git command from a server in secure zone, it fails and in the nginx logs I see a timeout, which is normal, because nginx does not use the squid proxy to reach the gitlab server.Thank you in advance for your help !Best regards.

Could you elaborate a bit more? Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab Are you suggesting that traffic passing through a reverse proxy (nginx) needs to pass through a forward proxy (squid) to get to an internal resource? And if so, an explicit forward proxy?

Forum Discussion

pepito

Altocumulus

Sep 14, 2022

Solved

How to tell nginx to use another proxy to reach destination server ?

Hello.

I create this discussion because of the following problem I'm encountering.

Here is the situation :

I have multiple servers which are in a secure network zone
I have another server where nginx is installed
The NGINX server has access to a remote destination (a gitlab) through a proxy

So the flow is the following : Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab in another network zone.

Is it possible to tell nginx to use this "squid-proxy" to reach the gitlab server, please ?

For the moment, I have this configuration :

server {
  listen 443 ssl;
  server_name <ALIAS DNS OF NGINX SERVER>;

  ssl_certificate /etc/nginx/certs/mycert.crt;
  ssl_certificate_key /etc/nginx/certs/mykey.key;
  ssl_session_cache shared:SSL:1m;
  ssl_prefer_server_ciphers   on;

  access_log /var/log/nginx/mylog.access.log;
  error_log  /var/log/nginx/mylog.error.log debug;

  location / {
    proxy_pass https://the-gitlab-host:443;
  }
}

But it does not work. When I try to perform a git command from a server in secure zone, it fails and in the nginx logs I see a timeout, which is normal, because nginx does not use the squid proxy to reach the gitlab server.

Thank you in advance for your help !

Best regards.

application delivery

Kevin_Stewart
Sep 15, 2022
Could you elaborate a bit more?

Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab

Are you suggesting that traffic passing through a reverse proxy (nginx) needs to pass through a forward proxy (squid) to get to an internal resource? And if so, an explicit forward proxy?

3 Replies

Kevin_Stewart
Employee
Sep 15, 2022
Could you elaborate a bit more?

Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab

Are you suggesting that traffic passing through a reverse proxy (nginx) needs to pass through a forward proxy (squid) to get to an internal resource? And if so, an explicit forward proxy?
pepito
Altocumulus
Oct 28, 2022
Hello Kevin.
Sorry for the delay of my answer.
Yes, I am using nginx as a reverse proxy.
To reach the gitlab specific destination, it needs to use a forward proxy and I don't know how to configure that. Do you know how to do it ?
Thanks in advance.
hmi
Nimbostratus
Dec 09, 2022
I have a similar requirement, the Nginx has to go through a Squid HTTP proxy to access the target destination.
how to configure it?

Thank you.